CVE-2017-15215
Publication date 11 October 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
Status
Package | Ubuntu Release | Status |
---|---|---|
shaarli | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release |
Notes
msalvatore
introduced by https://github.com/shaarli/Shaarli/commit/6ccd0b218fbd34de750f55b78f3dc43bb3d9fa8e
Patch details
Package | Patch details |
---|---|
shaarli |
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |